What's new in Tornado 2.1
=========================
Sep 20, 2011
------------
Backwards-incompatible changes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Support for secure cookies written by pre-1.0 releases of Tornado has
been removed. The `RequestHandler.get_secure_cookie` method no longer
takes an ``include_name`` parameter.
* The ``debug`` application setting now causes stack traces to be displayed
in the browser on uncaught exceptions. Since this may leak sensitive
information, debug mode is not recommended for public-facing servers.
Security fixes
~~~~~~~~~~~~~~
* Diginotar has been removed from the default CA certificates file used
by `SimpleAsyncHTTPClient`.
New modules
~~~~~~~~~~~
* `tornado.gen`: A generator-based interface to simplify writing
asynchronous functions.
* `tornado.netutil`: Parts of `tornado.httpserver` have been extracted into
a new module for use with non-HTTP protocols.
* `tornado.platform.twisted`: A bridge between the Tornado IOLoop and the
Twisted Reactor, allowing code written for Twisted to be run on Tornado.
* `tornado.process`: Multi-process mode has been improved, and can now restart
crashed child processes. A new entry point has been added at
`tornado.process.fork_processes`, although
`tornado.httpserver.HTTPServer.start` is still supported.
``tornado.web``
~~~~~~~~~~~~~~~
* `tornado.web.RequestHandler.write_error` replaces ``get_error_html`` as the
preferred way to generate custom error pages (``get_error_html`` is still
supported, but deprecated)
* In `tornado.web.Application`, handlers may be specified by
(fully-qualified) name instead of importing and passing the class object
itself.
* It is now possible to use a custom subclass of ``StaticFileHandler``
with the ``static_handler_class`` application setting, and this subclass
can override the behavior of the ``static_url`` method.
* `~tornado.web.StaticFileHandler` subclasses can now override
``get_cache_time`` to customize cache control behavior.
* `tornado.web.RequestHandler.get_secure_cookie` now has a ``max_age_days``
parameter to allow applications to override the default one-month expiration.
* `~tornado.web.RequestHandler.set_cookie` now accepts a ``max_age`` keyword
argument to set the ``max-age`` cookie attribute (note underscore vs dash)
* `tornado.web.RequestHandler.set_default_headers` may be overridden to set
headers in a way that does not get reset during error handling.
* `RequestHandler.add_header` can now be used to set a header that can
appear multiple times in the response.
* `RequestHandler.flush` can now take a callback for flow control.
* The ``application/json`` content type can now be gzipped.
* The cookie-signing functions are now accessible as static functions
`tornado.web.create_signed_value` and `tornado.web.decode_signed_value`.
``tornado.httpserver``
~~~~~~~~~~~~~~~~~~~~~~
* To facilitate some advanced multi-process scenarios, ``HTTPServer``
has a new method ``add_sockets``, and socket-opening code is
available separately as `tornado.netutil.bind_sockets`.
* The ``cookies`` property is now available on `tornado.httpserver.HTTPRequest`
(it is also available in its old location as a property of
`~tornado.web.RequestHandler`)
* `tornado.httpserver.HTTPServer.bind` now takes a backlog argument with the
same meaning as ``socket.listen``.
* `~tornado.httpserver.HTTPServer` can now be run on a unix socket as well
as TCP.
* Fixed exception at startup when ``socket.AI_ADDRCONFIG`` is not available,
as on Windows XP
``IOLoop`` and ``IOStream``
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* `~tornado.iostream.IOStream` performance has been improved, especially for
small synchronous requests.
* New methods `tornado.iostream.IOStream.read_until_close` and
`tornado.iostream.IOStream.read_until_regex`.
* `IOStream.read_bytes` and `IOStream.read_until_close` now take a
``streaming_callback`` argument to return data as it is received rather
than all at once.
* `IOLoop.add_timeout` now accepts `datetime.timedelta` objects in addition
to absolute timestamps.
* `~tornado.ioloop.PeriodicCallback` now sticks to the specified period
instead of creeping later due to accumulated errors.
* `tornado.ioloop.IOLoop` and `tornado.httpclient.HTTPClient` now have
``close()`` methods that should be used in applications that create
and destroy many of these objects.
* `IOLoop.install` can now be used to use a custom subclass of IOLoop
as the singleton without monkey-patching.
* `~tornado.iostream.IOStream` should now always call the close callback
instead of the connect callback on a connection error.
* The `IOStream` close callback will no longer be called while there
are pending read callbacks that can be satisfied with buffered data.
``tornado.simple_httpclient``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Now supports client SSL certificates with the ``client_key`` and
``client_cert`` parameters to `tornado.httpclient.HTTPRequest`
* Now takes a maximum buffer size, to allow reading files larger than 100MB
* Now works with HTTP 1.0 servers that don't send a Content-Length header
* The ``allow_nonstandard_methods`` flag on HTTP client requests now
permits methods other than ``POST`` and ``PUT`` to contain bodies.
* Fixed file descriptor leaks and multiple callback invocations in
`SimpleAsyncHTTPClient`
* No longer consumes extra connection resources when following redirects.
* Now works with buggy web servers that separate headers with ``\n`` instead
of ``\r\n\r\n``.
* Now sets ``response.request_time`` correctly.
* Connect timeouts now work correctly.
Other modules
~~~~~~~~~~~~~
* `tornado.auth.OpenIDMixin` now uses the correct realm when the
callback URI is on a different domain.
* `tornado.autoreload` has a new command-line interface which can be used
to wrap any script. This replaces the ``--autoreload`` argument to
`tornado.testing.main` and is more robust against syntax errors.
* `tornado.autoreload.watch` can be used to watch files other than
the sources of imported modules.
* `tornado.database.Connection` has new variants of ``execute`` and
``executemany`` that return the number of rows affected instead of
the last inserted row id.
* `tornado.locale.load_translations` now accepts any properly-formatted
locale name, not just those in the predefined ``LOCALE_NAMES`` list.
* `tornado.options.define` now takes a ``group`` parameter to group options
in ``--help`` output.
* Template loaders now take a ``namespace`` constructor argument to add
entries to the template namespace.
* `tornado.websocket` now supports the latest ("hybi-10") version of the
protocol (the old version, "hixie-76" is still supported; the correct
version is detected automatically).
* `tornado.websocket` now works on Python 3
Bug fixes
~~~~~~~~~
* Windows support has been improved. Windows is still not an officially
supported platform, but the test suite now passes and
`tornado.autoreload` works.
* Uploading files whose names contain special characters will now work.
* Cookie values containing special characters are now properly quoted
and unquoted.
* Multi-line headers are now supported.
* Repeated Content-Length headers (which may be added by certain proxies)
are now supported in `HTTPServer`.
* Unicode string literals now work in template expressions.
* The template ``{% module %}`` directive now works even if applications
use a template variable named ``modules``.
* Requests with "Expect: 100-continue" now work on python 3